+/** char epoch_to_human(int time)
+ * Returns a string that is a human readable
+ * datetime from an epoch int.
+ */
+char *epoch_to_human(time_t epoch)
+{
+ struct tm *ts;
+ static char buf[80];
+
+ ts = localtime(&epoch);
+ strftime(buf, sizeof(buf), "%Y %b %d %H:%M:%S", ts);
+ return(buf);
+}
+
+
/** char *el_getCategory(int category_id)
* Returns a string related to the category id of the log.
*/
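Review bot: `localtime()` can return NULL for a value it cannot represent, and `epoch_to_human` hands `ts` straight to `strftime` without checking it; a guard such as `if (ts == NULL) { buf[0] = '\0'; return buf; }` before the `strftime` call closes that path. The call site further down makes this reachable in principle, because `(int)el->er->TimeGenerated` turns any value above INT_MAX into a negative `time_t`; the cast is not needed given the `time_t` parameter. The result lives in a `static` buffer, so each call overwrites the previous one and the function is not safe to call from more than one thread, which the header comment should say; that comment also still reads `char epoch_to_human(int time)` while the signature is `char *epoch_to_human(time_t epoch)`. The format string carries no zone, so the prefix is the agent's local time with nothing telling an analyst correlating several hosts which offset applies; formatting via `gmtime()` or adding an explicit zone marker would remove the ambiguity.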
if(descriptive_msg != NULL)
{
- /* Remove any \n or \r */
- /* Replace tabs from the argument field to spaces.
- * So whenever we have option:\tvalue\t, it will
- * become option: value\t
- */
- tmp_str = descriptive_msg;
- while(*tmp_str != '\0')
- {
- if(*tmp_str == '\n')
- *tmp_str = ' ';
- else if(*tmp_str == '\r')
- *tmp_str = ' ';
- else if((*tmp_str == ':') && (tmp_str[1] == '\t'))
- {
- tmp_str[1] = ' ';
- tmp_str++;
- }
-
- tmp_str++;
- }
+ /* format message */
+ win_format_event_string(descriptive_msg);
}
}
else
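Review bot: The removed loop is what kept `\n` and `\r` in the event text out of the forwarded log line, and `win_format_event_string()` is not defined in the visible part of the patch, so this hunk alone does not show that the replacement still does that. Event message text can carry content chosen by whatever wrote the event, so a surviving line break would split one record into several lines for anything parsing the log downstream. The new comment `/* format message */` should state the guarantee instead, e.g. `/* Replace \n and \r with spaces and turn ":\t" into ": " so the event stays on one line */`. The enclosing function begins and ends outside the hunk.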
final_msg[OS_MAXSTR - OS_LOG_HEADER -1] = '\0';
snprintf(final_msg, OS_MAXSTR - OS_LOG_HEADER -1,
- "WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
+ "%s WinEvtLog: %s: %s(%d): %s: %s: %s: %s: %s",
+ epoch_to_human((int)el->er->TimeGenerated),
el->name,
category,
id,